Friday, January 20, 2006

Encrypted CVS Repository

We currently have a client that's very concerned with Information Security. It's a multinational company, and we're dealing with its Indonesian subsidiary. Its head office periodically performs scans throughout its subsidiaries' networks across the world, and identifies any possible information security breach. The problem is that the network scans prove that when someone has read access to the CVS repository file, he/she can immediately (without any significant effort) browse through the contents of our source code.

They require us to propose an immediate solution to the problem. Apparently, having the CVS access security (through encrypted password) and CVS data transfer security (through SSL) is not enough. We are required to prevent the exposure of CVS repository contents even when the CVS repository file itself has been read. David A. Wheeler mentioned this in his SCM Security article.

We currently have two project teams working at the client site. The first project uses CVS whereas the other uses Subversion. We will be having our third project at the client site within the next few weeks. I'm encouraging the third project team to use Subversion instead of CVS. So, considering the importance of this client, it's very important for us to come up with a solution.

After searching through the net, I found that Greg A. Woods mentioned that it's not how CVS was designed. I've tried to search through the Subversion site, and I cannot find any information on whether Subversion supports encrypted repositories or not.

Then, it was Thomas Deselaers’ idea that I believe to be a viable solution.

My plan is to find a good open source CVS client implemented in Java. Then, I’ll intercept the commit command (encrypt line by line), and intercept the update command (decrypt line by line). Ensuring also that the encryption is a basic one (probably XOR operation on each character), I’ll have the merge command unmodified.

So, the end result is that the developers will see the unencrypted source code in their local development environments, whereas the CVS repository will keep the encrypted source code. The diff command will show the diff of the encrypted lines, though.

Does anyone have a better solution for this?
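
The commit/update interception described above, sketched as an added example that is not part of the original post: each line is XORed with a repeating key and base64-encoded (an assumption added here, so that XOR output containing newline or NUL bytes cannot break the one-line-per-line layout). The key, the sample source and all function names are constructed; the last function shows what someone with read access to the repository file can derive from one line whose plaintext is predictable.

```python
import base64
import difflib
from itertools import cycle

KEY = b"constructed-demo-key"  # constructed sample key, not from the post

def _xor(data: bytes, key: bytes) -> bytes:
    """XOR every byte with a repeating key; applying it twice restores data."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def encrypt_lines(text: str, key: bytes) -> str:
    """Commit side: one stored line per source line."""
    # base64 keeps XOR output (which may contain \n or \0) on a single text line.
    return "\n".join(
        base64.b64encode(_xor(line.encode("utf-8"), key)).decode("ascii")
        for line in text.split("\n"))

def decrypt_lines(stored: str, key: bytes) -> str:
    """Update side: reverse encrypt_lines for the working copy."""
    return "\n".join(
        _xor(base64.b64decode(line), key).decode("utf-8")
        for line in stored.split("\n"))

def changed_hunks(old_stored: str, new_stored: str):
    """Line-level changes a diff/merge tool sees between two stored revisions."""
    matcher = difflib.SequenceMatcher(
        a=old_stored.split("\n"), b=new_stored.split("\n"), autojunk=False)
    return [tuple(op) for op in matcher.get_opcodes() if op[0] != "equal"]

def key_bytes_from_known_line(stored_line: str, known_plain: str) -> bytes:
    """Key bytes exposed when the plaintext of one stored line is predictable."""
    cipher = base64.b64decode(stored_line)
    return bytes(c ^ p for c, p in zip(cipher, known_plain.encode("utf-8")))

# Constructed sample revisions: only the second line differs.
HEADER = "// Copyright 2006 Example Corp"
REV1 = HEADER + "\nint total = 0;\n\nreturn total;\n"
REV2 = HEADER + "\nint total = 1;\n\nreturn total;\n"

if __name__ == "__main__":
    s1, s2 = encrypt_lines(REV1, KEY), encrypt_lines(REV2, KEY)
    print(s1)
    print("round trip ok:", decrypt_lines(s1, KEY) == REV1)
    print("changed hunks:", changed_hunks(s1, s2))
    leaked = key_bytes_from_known_line(s1.split("\n")[0], HEADER)
    print("key bytes exposed by header line:", leaked[:len(KEY)])
```

Unchanged lines keep identical stored forms, which is what leaves the merge step untouched; the same property means a boilerplate line such as a license header gives away the key bytes that cover it.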
